08/09/2005 12:44 FAX 3146215065






PATENT 
13DV-13821 



REMARKS 



The Office Action dated May 4, 2005 has been carefully reviewed and the foregoing 
amendment and following remarks are made in consequence thereof. 

Claims 1-16 are now pending in this application. Claims 1-16 stand rejected. 

The rejection of Claims 1 and 5 under 35 U.S.C. § 112, first paragraph, is respectfully
traversed. Applicants respectfully submit that Claims 1 and 5 comply with the written
description requirement. Specifically, "if the user is denied access, prompting the user to
complete a request for quick approval wherein the request for quick approval includes a list
of data for approval... automatically determining, using an internal exception access process
an approval or a disapproval of quick access based on pre-established criteria and the list of
data for approval... if the request for quick approval is approved, at least one of automatically
adding a rule to the database and automatically adding a user to the database... if the rule is
added, updating an exception list... notifying the user of the approval.", recited in Claims 1
and 5, are illustrated in the specification at least at paragraph [0042], lines 7-12, which 
describe: 

If the user is denied access, a decision for quick request 238 is 
explored by the system. If the user desires not to pursue quick 
request 238, the user is directed to eProfile application 240 or the 
user can skip 242 the entire process by exiting from the 
application. If the user decided to pursue quick request 238, user 
completes a request for approval 244 which is subjected to an 
internal exception access process 246. If the user is approved 
based on pre-established criteria, the user is notified of the 
approval 248. 

The specification further describes at paragraph [0044], lines 3-10 that:

Process 290 includes a request being submitted by the user for 
approval. The request includes a list of data for approval to 
section manager 292. Section Manager is responsible for
decision 294 to approve or disapprove. If the request is denied, a
notification 296 is sent to the requester. If the request is
approved, a decision 298 is made either to add the rule 300 or to 
add the user 302. When a new rule or a new user is added, 
eProfile Storage 304 database is automatically updated. If the 
rule is added 300, an exception list is updated 306, and an 
affirmative notification 308 is sent to the user. 

Applicants respectfully submit that such a description would reasonably convey to 
one of skill in the art, at the time the invention was filed, an exception access rule including
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, and automatically approving access based on the exception access rule. 

For the reasons set forth above, Applicants respectfully request that the Section 112
rejection of Claims 1 and 5 be withdrawn. 

The rejection of Claim 16 under 35 U.S.C. § 101 as being directed to non-statutory 
subject matter is respectfully traversed. Claim 16 has been amended to recite "[a] computer- 
implemented database embodied on a computer-readable medium configured to be protected 
from access by unauthorized individuals by managing user and data profiles by an 
administrator, said database providing access to users based on pre-determined rules and 
criteria further comprising... pre-established criteria data developed from access rules and 
criteria including at least one of Rule Based Access guidelines, Group Based Access 
guidelines, Search & Subscribe Utilities guidelines, Active Positioning Monitoring 
guidelines, Hard Exclusion Rules guidelines, and Access Audits guidelines... applications 
data, including system administrator defined attributes that cross-references the applications 
profile data against unique identifiers... user data, that includes a user's organization and 
citizenship, that cross-references the users profile data against unique identifiers... pre- 
determined rules and methodologies data that facilitates accurate user access decision 
making." Applicants respectfully submit that the database is tangibly embodied on a
computer-readable medium and that the data elements are positively recited in the amended 
claim. Accordingly, Applicant submits that Claim 16 satisfies the requirements of Section 
101. 

For at least the reasons set forth above, Applicant respectfully requests that the 
Section 101 rejection of Claim 16 be withdrawn. 

The rejection of Claims 1 and 3-4 under 35 U.S.C. § 103 as being unpatentable over
Kraenzel (U.S. Pat. No. 6,513,039) in view of Behera (U.S. Pat. No. 6,535,879) is 
respectfully traversed. 

Kraenzel describes a system for generating a profile of a network user based on an 
access control list of the network that is based on objects accessible by the user. The system 
also generates a user profile based on a user's object access privileges, generates a user profile 
based on user affinities, generates a user profile that enables users to select which user 
affinities are inserted into the profile, and generates a user profile that enables users to edit 
the profile. The system accesses a database containing one or more objects requested by a 
user, and retrieves the user's access privileges for the object(s) requested. If the user's access
privileges meet the minimum requirements set by the object administrator, the system
retrieves the requested object and presents the object(s) to the user. If the user's access
privileges do not meet the minimum requirements set by a system administrator for that
object(s), the user may request additional privileges from the system administrator. If
additional privileges are granted, the system retrieves and presents the requested object to the
user. Notably, Kraenzel describes at Column 4, lines 30-34 if "the user's access privileges do
not meet the minimum requirements set by a system administrator for that object(s), step 162
determines whether the user has requested additional privileges from the system
administrator" and does not describe automatically determining, using an internal exception
access process, an approval or a disapproval of quick access based on pre-established criteria
and the list of data for approval. The system administrator in Kraenzel sets the minimum
requirements and grants additional privileges. Claim 1 describes that an internal exception access
process automatically determines an approval or a disapproval of quick access based on pre- 
established criteria and the list of data for approval. 

Behera describes an access control via properties system that provides Access Control 
List (ACL) rules that are structured such that the ACL rules indicate the attributes that the 
administrator has selected for user access and specifies the type of access to be granted to a 
user which can include: read, write, or any other privileges that the system supports. The 
desired attributes that the user must have to be granted such access is also listed along with 
the attribute fieldname associated with the desired attributes. The directory server will match 
the desired attributes within the specified attribute fieldname with the user's attributes and 
allows access to the directory entry only if the user has the desired attribute values. 
Alternatively, a match function can be specified for the desired attributes where the directory
server matches the desired attributes with the user and the owner of the list of attributes and
allows access to the directory entry only if both the user and the owner have the desired
attribute values. When a user accesses a directory entry, the directory server selects and 
analyzes a specific access control command according to the attribute being accessed. 

Claim 1 recites a method for providing access to users based on user profiles and 
using a web-based system that includes a server system coupled to a centralized interactive 
database and at least one client system wherein the method includes "creating an electronic 
profile for a user within a centralized database... creating an electronic profile for data within
the centralized database... establishing pre-determined rules and methodology for user
access... making a decision with reference to the user access after completing an evaluation
based on the electronic profiles, pre-determined rules, and operating methodology in response
to a request from the user for access... if the user is denied access, prompting the user to
complete a request for quick approval wherein the request for quick approval includes a list
of data for approval... automatically determining, using an internal exception access process
an approval or a disapproval of quick access based on pre-established criteria and the list of
data for approval... if the request for quick approval is approved, at least one of automatically
adding a rule to the database and automatically adding a user to the database... if the rule is
added, updating an exception list... notifying the user of the approval."

Neither Kraenzel nor Behera, considered alone or in combination, describe or suggest 
a method for providing access to users based on user profiles and using a web-based system 
that includes a server system coupled to a centralized interactive database and at least one 
client system as recited in Claim 1. More specifically, neither Kraenzel nor Behera, 
considered alone or in combination, describe or suggest a method that includes automatically 
determining, using an internal exception access process an approval or a disapproval of quick 
access based on pre-established criteria and the list of data for approval. Rather, in contrast 
to the present invention, Kraenzel describes at Column 4, lines 31-35, that "step 156 
determines that the user's access privileges do not meet the minimum requirements set by a 
system administrator for that object(s), step 162 determines whether the user has requested 
additional privileges from the system administrator." Kraenzel further describes a system 
administrator as the object author or manager and that it is the system administrator that may 
change the level of access privileges assigned to particular users at any given time. Kraenzel 
also describes if additional privileges are granted by the system administrator, the level of
access privileges assigned to the user is updated and the requested object may be retrieved
and presented to the user. Behera describes an access control via properties system that
allows access to the directory entry only if the user has the desired attribute values. However,
no combination of Kraenzel and Behera describes or suggests automatically determining, 
using an internal exception access process an approval or a disapproval of quick access based 
on pre-established criteria and the list of data for approval. 

Applicants respectfully traverse the assertion in the Office Action at page 12, lines 18-20,
that "[i]nstead of granting access as indicated at boxes 152-156, an internal exception
access process is implemented at boxed 162-166 for quick approval." This assertion is in
contrast with Kraenzel that describes that additional privileges are requested from a system
administrator, which is the object author or manager and not an internal exception access
process as recited in Claim 1. Applicants respectfully submit that a system administrator can
not fairly be considered an internal exception access process. For at least the reasons above, 
Applicants respectfully submit that Claim 1 is patentable over Kraenzel in view of Behera. 

Claims 3 and 4 depend from independent Claim 1, which is submitted to be in 
condition for allowance. When the recitations of Claims 3 and 4 are considered in 
combination with the recitations of Claim 1, Applicants submit that dependent Claims 3 and 
4 are also patentable over Kraenzel in view of Behera. 

Notwithstanding the above, the rejection of Claims 1, 3, and 4 under 35 U.S.C. § 
103(a) as being unpatentable over Kraenzel in view of Behera is further traversed on the 
grounds that the Section 103 rejection of the presently pending claims is not a proper 
rejection. Obviousness cannot be established by merely suggesting that it would have been 
obvious to one of ordinary skill in the art to modify the method of Kraenzel by applying the 
access rules to the ACL as taught by Behera. More specifically, as is well established, 
obviousness cannot be established by combining the teachings of the cited art to produce the 
claimed invention, absent some teaching, suggestion, or incentive supporting the 
combination. Rather, the present Section 103 rejection appears to be based on a combination 
of teachings selected from multiple patents in an attempt to arrive at the claimed invention. 
Specifically, Kraenzel is cited for its teaching of a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list, and Behera is 
merely cited for its teaching of a method to control access via properties system by providing
ACL rules based on properties associated with the entries. Since there is no teaching nor 
suggestion in the cited art for the claimed combination, the Section 103 rejection appears to 
be based on a hindsight reconstruction in which isolated disclosures have been picked and 
chosen in an attempt to deprecate the present invention. Of course, such a combination is 
impermissible, and for this reason alone, Applicants respectfully request that the Section 103 
rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel method by applying the access rules to the ACL as taught by Behera in 
order to grant access to a user or a group to a particular attribute object in the database," 
suggests combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather,
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine
such references, and a reasonable expectation of success must be both found in the prior art,
and not based on Applicants' disclosure. In re Vaeck, 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991).
In the present case, neither a suggestion nor motivation to combine the prior art disclosures,
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claims 1, 3, and 4 be withdrawn.

The rejection of Claim 2 under 35 U.S.C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) in view of Behera (U.S. Pat. No. 6,535,879), CERN 
[Administrative Information Services, Oracle HR] and Lillibridge (U.S. Pat. No. 6,195,698)
is respectfully traversed. 

Kraenzel and Behera are described above. CERN is a hardcopy of a webpage dated
9/29/03 that lists the major functions of Oracle*HR as: personal information management, 
assignments (contracts) management, recruitment management, payroll elements 
management, absence entitlement management, career management, management of official 
documents, access rights, etc., and structures management (divisions, experiments), etc. 
Notably CERN does not describe nor suggest creating an electronic profile. 

Lillibridge describes a computerized access request method wherein a server
computer receives an access request from a client computer. The server computer generates a 
predetermined number of random characters that are used to form a string in the server 
computer. The string is randomly modified either visually or audibly to form a riddle. The 
original string is the correct answer to the riddle. The server computer renders the riddle on 
an output device of the client computer, and the client computer sends an answer to the 
server. The server determines if the guess is the correct answer, and if so, the access request 
is accepted. 

Claim 1 recites a method for providing access to users based on user profiles and 
using a web-based system that includes a server system coupled to a centralized interactive 
database and at least one client system wherein the method includes "creating an electronic 
profile for a user within a centralized database... creating an electronic profile for data within
the centralized database... establishing pre-determined rules and methodology for user
access... making a decision with reference to the user access after completing an evaluation
based on the electronic profiles, pre-determined rules, and operating methodology in response
to a request from the user for access... if the user is denied access, prompting the user to
complete a request for quick approval wherein the request for quick approval includes a list
of data for approval... automatically determining, using an internal exception access process
an approval or a disapproval of quick access based on pre-established criteria and the list of
data for approval... if the request for quick approval is approved, at least one of automatically
adding a rule to the database and automatically adding a user to the database... if the rule is
added, updating an exception list... notifying the user of the approval."

None of Kraenzel, Behera, CERN, nor Lillibridge, considered alone or in
combination, describe or suggest a method for providing access to users based on user 
profiles and using a web-based system that includes a server system coupled to a centralized 
interactive database and at least one client system as recited in Claim 1. More specifically,
no combination of Kraenzel, Behera, CERN, and Lillibridge describes or suggests a method 
that includes prompting the user to complete a request for quick approval, retrieving, from the 
centralized database, an exception access rule including pre-established criteria, applying the 
exception access rule to the completed request for quick approval, automatically approving 
access based on the exception access rule. Rather, in contrast to the present invention, 
Kraenzel describes at Column 4, lines 31-35, that "step 156 determines that the user's access 
privileges do not meet the minimum requirements set by a system administrator for that 
object(s), step 162 determines whether the user has requested additional privileges from the 
system administrator." Kraenzel further describes a system administrator as the object author 
or manager and that it is the system administrator that may change the level of access 
privileges assigned to particular users at any given time. Kraenzel also describes if additional 
privileges are granted by the system administrator, the level of access privileges assigned to 
the user is updated and the requested object may be retrieved and presented to the user. 
Moreover, Behera describes an access control via properties system that allows access to the 
directory entry only if the user has the desired attribute values, CERN describes an Oracle 
Human Resources application used at CERN but does not describe nor suggest creating an
electronic profile, and Lillibridge describes generating a riddle and waiting for a 
predetermined amount of time for a correct response from a client system. Accordingly, none 
of Kraenzel, Behera, CERN, nor Lillibridge considered alone or in combination, describe or 
suggest prompting the user to complete a request for quick approval, retrieving, from the 
centralized database, an exception access rule including pre-established criteria, applying the 
exception access rule to the completed request for quick approval, automatically approving 
access based on the exception access rule. Accordingly, Applicants respectfully submit that 
Claim 1 is patentable over Kraenzel in view of Behera, CERN, and Lillibridge. 

Claim 2 depends from independent Claim 1, which is submitted to be in condition for 
allowance. When the recitations of Claim 2 are considered in combination with the 
recitations of Claim 1, Applicants submit that dependent Claim 2 is also patentable over 
Kraenzel in view of Behera, CERN, and Lillibridge. 

Notwithstanding the above, the rejection of Claim 2 under 35 U.S.C. § 103(a) as 
being unpatentable over Kraenzel in view of Behera, CERN, and Lillibridge is further 
traversed on the grounds that the Section 103 rejection of the presently pending claims is not 
a proper rejection. Obviousness cannot be established by merely suggesting that it would
have been obvious to one of ordinary skill in the art to modify the methods of Kraenzel and 
Behera by using information from OHR Application and RFCA Application. Specifically, as 
is well established, obviousness cannot be established by combining the teachings of the cited 
art to produce the claimed invention, absent some teaching, suggestion, or incentive 
supporting the combination. Rather, the present Section 103 rejection appears to be based on 
a combination of teachings selected from multiple patents in an attempt to arrive at the 
claimed invention. More specifically, Kraenzel is cited for its teaching of a method for 
generating a profile of a network user based on a user's access privileges stored in an access 
control list, Behera is merely cited for its teaching of a method to control access via 
properties system by providing ACL rules based on properties associated with the entries, 
CERN is cited for teaching an OHR application, and Lillibridge is cited for teaching a RFCA 
Application. Since there is no teaching or suggestion in the cited art for the claimed 
combination, the Section 103 rejection appears to be based on a hindsight reconstruction in 
which isolated disclosures have been picked and chosen in an attempt to deprecate the present 
invention. Of course, such a combination is impermissible, and for this reason alone, 
Applicants respectfully request that the Section 103 rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would
have been obvious to one of ordinary skill in the art to modify the Kraenzel and Behera 
method by using information from OHR Application and RFCA Application to build the 
electronic profile in order to distribute object to a user or a group via IP address," suggests 
combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather,
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine
such references, and a reasonable expectation of success must be both found in the prior art,
and not based on Applicants' disclosure. In re Vaeck, 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991).
In the present case, neither a suggestion nor motivation to combine the prior art disclosures,
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 2 be withdrawn. 

The rejection of Claims 5-14 under 35 U.S.C. § 103 as being unpatentable over 
Kraenzel (U.S. Pat. No. 6,513,039) is respectfully traversed. 

Applicant respectfully submits that the Section 103 rejection of Claims 5-14 is not a 
proper rejection. The mere assertion that such an apparatus would have been obvious to one 
of ordinary skill in the art does not support a prima facie obvious rejection. Rather, each 
allegation of what would have been an obvious matter of design choice must always be 
supported by citation to some reference work recognized as standard in the pertinent art, and 
the Applicant given an opportunity to challenge the correctness of the assertion or the repute 
of the cited reference. Applicant has not been provided with the citation to any reference 
supporting the modification made in the rejection. The rejection, therefore, fails to provide 
the Applicant with a fair opportunity to respond to the rejection, and fails to provide the
Applicant with the opportunity to challenge the correctness of the rejection. Therefore,
Applicant respectfully requests that the Section 103 rejection of Claims 5-14 be withdrawn.

Moreover, Applicant respectfully submits that obviousness cannot be established by
merely suggesting that it would have been obvious to one of ordinary skill in the art to
modify Kraenzel. More specifically, it is respectfully submitted that a prima facie case of
obviousness has not been established. As explained by the Federal Circuit, "to establish 
obviousness based on a combination of the elements disclosed in the prior art, there must be 
some motivation, suggestion or teaching of the desirability of making the specific 
combination that was made by the applicant." In re Kotzab, 54 USPQ2d 1308, 1316 (Fed.
Cir. 2000). MPEP 2143.01. 

Moreover, the Federal Circuit has determined that: 

[I]t is impermissible to use the claimed invention as an 
instruction manual or "template" to piece together the teachings 
of the prior art so that the claimed invention is rendered 
obvious. This court has previously stated that "[o]ne cannot 
use hindsight reconstruction to pick and choose among isolated 
disclosures in the prior art to deprecate the claimed invention."
In re Fritch, 23 USPQ2d 1780, 1784 (Fed. Cir. 1992).

Further, under Section 103, "it is impermissible ... to pick and choose from any one
reference only so much of it as will support a given position, to the exclusion of other parts
necessary to the full appreciation of what such reference fairly suggests to one of ordinary
skill in the art." In re Wesslau, 147 USPQ 391, 393 (CCPA 1965). Rather, there must be
some suggestion, outside of Applicant's disclosure, in the prior art to combine such
references, and a reasonable expectation of success must be both found in the prior art, and
not based on Applicant's disclosure. In re Vaeck, 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991).

In the present case, neither a suggestion nor motivation to modify the cited art, nor 
any reasonable expectation of success has been shown. Rather, because there is no teaching 
nor suggestion in the cited art for the claimed modification, the Section 103 rejection appears
to be based on a hindsight reconstruction in which isolated portions of Kraenzel have been 
picked and chosen in an attempt to deprecate the present invention. Of course, such a 
combination is impermissible, and for this reason alone, Applicant requests that the Section 
103 rejection of Claims 5-14 be withdrawn. 

Further, and to the extent understood, Kraenzel does not describe nor suggest the 
claimed modification, and as such, the presently pending claims are patentably 
distinguishable from Kraenzel. Specifically, Claim 5 recites a method for managing user
profile information, including managing access control to applications and data by 
implementing a level of security across the different applications that is the same for each 
application, using a web-based system that includes a server system coupled to a centralized 
interactive database and at least one client system wherein the method includes providing 
capabilities for a user to request access to information that the user currently does not have 
access to... tracking a status of the request using a tracking component coupled to the 
centralized interactive database... obtaining a decision from an owner of the data 
requested... if the user is denied access, prompting the user to complete a request for quick 
approval wherein the request for quick approval includes a list of the information the user is 
requesting access to for approval... automatically determining, using an internal exception
access process an approval or a disapproval of the quick access request based on pre- 
established criteria and the list of information the user is requesting access to...if the request 
for quick approval is approved, at least one of automatically adding a rule to the database and 
automatically adding a user to the database... if the rule is added, updating an exception
list... notifying the user of the approval."

Kraenzel does not describe nor suggest a method for managing user profile 
information, including managing access control to applications and data by implementing a 
level of security across the different applications that is the same for each application as 
recited in Claim 5. Specifically, Kraenzel does not describe nor suggest a method that 
includes tracking a status of the request using a tracking component coupled to the 
centralized interactive database, nor if the request for data access is approved, adding at least 
one of a rule and the user to the database. Moreover, Kraenzel does not describe nor suggest 
a method that includes if the user is denied access, prompting the user to complete a request 
for quick approval wherein the request for quick approval includes a list of the information 
the user is requesting access to for approval and automatically determining, using an internal 
exception access process an approval or a disapproval of the quick access request based on 
pre-established criteria and the list of information the user is requesting access to. Rather, in 
contrast to the present invention, Kraenzel describes at Column 4, lines 31-35, that "step 156 
determines that the user's access privileges do not meet the minimum requirements set by a 
system administrator for that object(s), step 162 determines whether the user has requested 
additional privileges from the system administrator." Kraenzel further describes a system 
administrator as the object author or manager and that it is the system administrator that may 
change the level of access privileges assigned to particular users at any given time. Kraenzel 
also describes if additional privileges are granted by the system administrator, the level of 
access privileges assigned to the user is updated and the requested object may be retrieved 
and presented to the user. Applicants respectfully submit that a system administrator can not 
fairly be considered an internal exception access process. Accordingly, for at least the 
reasons set forth above, Claim 5 is submitted to be patentable over Kraenzel.

Claims 6-14 depend from independent Claim 5, which is submitted to be in condition 
for allowance. When the recitations of Claims 6-14 are considered in combination with the 
recitations of Claim 5, Applicants submit that dependent Claims 6-14 are also patentable over 
Kraenzel. 

The rejection of Claim 15 under 35 U.S.C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) in view of Stockwell (U.S. Pat. No. 6,535879) is respectfully 
traversed. 



Kraenzel is described above. Stockwell describes a method of regulating data flow 
through a firewall such that an agent or application attempts access through the firewall. To 
make an ACL check, the agent collects information about the nature of the connection. This 
information includes the source and destination IP address. The agent places this information 
into a query list. The query list contains all of the relevant information needed to make the 
ACL check. The agent then submits the query list to acid 60 and acid 60 searches for a rule 
that matches the query list and returns a reply list. The reply list includes either "allow" or 
"deny" to indicate if the connection should be accepted or rejected. Other values in the reply 
list are side effects that change the behavior of the agent.

Claim 5 recites a method for managing user profile information, including managing 
access control to applications and data by implementing a level of security across the 
different applications that is the same for each application, using a web-based system that 
includes a server system coupled to a centralized interactive database and at least one client 
system wherein the method includes providing capabilities for a user to request access to 
information that the user currently does not have access to... tracking a status of the request 
using a tracking component coupled to the centralized interactive database... obtaining a 
decision from an owner of the data requested... if the user is denied access, prompting the 
user to complete a request for quick approval wherein the request for quick approval includes 
a list of the information the user is requesting access to for approval... automatically 
determining, using an internal exception access process an approval or a disapproval of the 
quick access request based on pre-established criteria and the list of information the user is 
requesting access to... if the request for quick approval is approved, at least one of 
automatically adding a rule to the database and automatically adding a user to the 
database... if the rule is added, updating an exception list... notifying the user of the 
approval." 

Neither Kraenzel nor Stockwell, considered alone or in combination, describe or 
suggest a method for managing user profile information, including managing access control 
to applications and data by implementing a level of security across the different applications 
that is the same for each application as recited in Claim 5. Specifically, neither Kraenzel nor 
Stockwell describe or suggest a method that includes tracking a status of the request using a 
tracking component coupled to the centralized interactive database, nor if the request for data 
access is approved, adding at least one of a rule and the user to the database. Moreover, 
neither Kraenzel nor Stockwell describe or suggest a method that includes if the user is 
denied access to the requested data, prompting the user to complete a request for quick 
approval, retrieving, from the centralized database, an exception access rule including pre- 
established criteria, applying the exception access rule to the completed request for quick 
approval, and automatically approving access based on the exception access rule. Rather, in 
contrast to the present invention, Kraenzel describes at Column 4, lines 31-35, that "step 156 
determines that the user's access privileges do not meet the minimum requirements set by a 
system administrator for that object(s), step 162 determines whether the user has requested 
additional privileges from the system administrator." Kraenzel further describes a system 
administrator as the object author or manager and that it is the system administrator that may 
change the level of access privileges assigned to particular users at any given time. Kraenzel 
also describes if additional privileges are granted by the system administrator, the level of 
access privileges assigned to the user is updated and the requested object may be retrieved 
and presented to the user, and Stockwell describes a method of regulating data flow through a 
firewall such that an agent or application attempts assess through the firewall, but neither 
Kraenzel nor Stockwell, considered alone or in combination describes or suggests 
automatically approving access based on an exception access rule, having pre-established 
criteria, that is retrieved from a centralized database. Accordingly, Applicants respectfully 
submit that Claim 5 is patentable over Kraenzel in view of Stockwell. 

Claim 15 depends from independent Claim 5, which is submitted to be in condition 
for allowance. When the recitations of Claim 15 are considered in combination with the 
recitations of Claim 5, Applicants submit that dependent Claim 15 is also patentable over 
Kraenzel in view of Stockwell. 

Notwithstanding the above, the rejection of Claim 15 under 35 U.S.C. § 103(a) as 
being unpatentable over Kraenzel in view of Stockwell is further traversed on the grounds 
that the Section 103 rejection of the presently pending claims is not a proper rejection. 
Obviousness cannot be established by merely suggesting that it would have been obvious to 
one of ordinary skill in the art to modify the method of Kraenzel by including a network in 
order to process the method for remote users. Specifically, as is well established, 
obviousness cannot be established by combining the teachings of the cited art to produce the 
claimed invention, absent some teaching, suggestion, or incentive supporting the 
combination. Rather, the present Section 103 rejection appears to be based on a combination 
of teachings selected from multiple patents in an attempt to arrive at the claimed invention. 
More specifically, Kraenzel is cited for its teaching of a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list, and Stockwell 
is merely cited for its teaching of a firewall-to-firewall encryption system that includes a 
workstation communicating through a firewall to an unprotected network. Since there is no 
teaching nor suggestion in the cited art for the claimed combination, the Section 103 rejection 
appears to be based on a hindsight reconstruction in which isolated disclosures have been 
picked and chosen in an attempt to deprecate the present invention. Of course, such a 
combination is impermissible, and for this reason alone, Applicants respectfully request that 
the Section 103 rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Stockwell because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel method by including a network in order to process the method for 
remote users," suggests combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck, 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion nor motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 15 be withdrawn. 

The rejection of Claim 16 under 35 U.S.C. § 103 as being unpatentable over Behera 
(U.S. Pat. No. 6,535,879) in view of Kraenzel (U.S. Pat. No. 6,513,039) is respectfully 
traversed. 

Applicants respectfully submit that neither Behera nor Kraenzel, considered alone or 
in combination, describe or suggest the claimed invention. As discussed below, neither 
Behera nor Kraenzel, considered alone or in combination, describe or suggest establishing 
pre-determined rules and methodology for user access, making a decision with reference to 
the user access after completing an evaluation based on the electronic profiles, pre- 
determined rules, and operating methodology in response to a request from the user for 
access and if the user is denied access, prompting the user to complete a request for quick 
approval wherein the request for quick approval is subjected to an internal exception access 
process, and quick approval is approved based on pre-established criteria. 

Behera and Kraenzel are described above. 

Claim 16 recites a computer-implemented database embodied on a computer-readable 
medium configured to be protected from access by unauthorized individuals by managing 
user and data profiles by an administrator such that the database provides access to users 
based on pre-determined rules and criteria wherein the database includes... pre-established 
criteria data developed from access rules and criteria including at least one of Rule Based 
Access guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines, 
Active Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access 
Audits guidelines... applications data including system administrator defined attributes that 
cross-references the applications profile data against unique identifiers... user data, that 
includes a user's organization and citizenship, that cross-references the users profile data 
against unique identifiers... pre-determined rules and methodologies data that facilitates 
accurate user access-decision making." 

Neither Behera nor Kraenzel, considered alone or in combination, describe or suggest 
a computer-implemented database that includes pre-established criteria data developed from 
access rules and criteria, applications data including system administrator defined attributes 
that cross-references the applications profile data against unique identifiers, user data, that 
includes a user's organization and citizenship, that cross-references the users profile data 
against unique identifiers, and pre-determined rules and methodologies data that facilitates 
accurate user access decision making. 

More specifically, neither Behera nor Kraenzel, considered alone or in combination, 
describe or suggest a database that includes, data corresponding to pre-established criteria 
developed from access rules and criteria, and data corresponding to users that cross- 
references the users data against unique identifiers. Rather, in contrast to the present 
invention, Behera describes a directory server that will merely match the desired attributes 
within the specified attribute fieldname with the user's attributes and will allow access to the 
directory entry only if the user has the desired attribute values, and Kraenzel describes at 
Column 4, lines 31-35, that "step 156 determines that the user's access privileges do not meet 
the minimum requirements set by a system administrator for that object(s), step 162 
determines whether the user has requested additional privileges from the system 
administrator." Kraenzel further describes a system administrator as the object author or 
manager and that it is the system administrator that may change the level of access privileges 
assigned to particular users at any given time. Kraenzel also describes if additional privileges 
are granted by the system administrator, the level of access privileges assigned to the user is 
updated and the requested object may be retrieved and presented to the user.

Notwithstanding the above, the rejection of Claim 16 under 35 U.S.C. § 103(a) as 
being unpatentable over Behera in view of Kraenzel is further traversed on the grounds that 
the Section 103 rejection of the presently pending claims is not a proper rejection. 
Obviousness cannot be established by merely suggesting that it would have been obvious to 
one of ordinary skill in the art to modify the Behera technique by using the method of access 
as taught by Kraenzel in order to process an access request of a user. More specifically, as is 
well established, obviousness cannot be established by combining the teachings of the cited 
art to produce the claimed invention, absent some teaching, suggestion, or incentive 
supporting the combination. Rather, the present Section 103 rejection appears to be based on 
a combination of teachings selected from multiple patents in an attempt to arrive at the 
claimed invention. Specifically, Behera is cited for its teaching of a LDAP as a database 
configured to be protected from access by using ACL. Kraenzel is cited for its teaching of a 
method for generating a profile of a network user based on a user's access privileges stored in 
an ACL. Since there is no teaching nor suggestion in the cited art for the claimed 
combination, the Section 103 rejection appears to be based on a hindsight reconstruction in 
which isolated disclosures have been picked and chosen in an attempt to deprecate the present 
invention. Of course, such a combination is impermissible, and for this reason alone, 
Applicants respectfully request that the Section 103 rejection be withdrawn. 

Further, Behera and Kraenzel both describe modifying an ACL to update access 
privileges, Behera describes using user attributes matched against desired attributes and 
Kraenzel describes using a user affinity determined by a user affinity object. There appears 
to be no motivation to combine Behera and Kraenzel because the combination makes either 
or both of the methods inoperable. Accordingly, no reasonable likelihood of success has 
been shown. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art to modify the Behera technique by using 
the method of access as taught by Kraenzel in order to process an access request of a user," 
suggests combining the features. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck, 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion nor motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 16 be withdrawn. 

In view of the foregoing amendments and remarks, all the claims now active in this 
application are believed to be in condition for allowance. Reconsideration and favorable 
action is respectfully solicited. 

Respectfully submitted, 

William J. Zychlewicz 
Reg. No. 51,366 
Armstrong Teasdale LLP 
One Metropolitan Square, Suite 2600 
St. Louis, MO 63012 
(314)621-5070 